Arbitrary File-Write Vulnerability in Pega Browser Extension for Pega Robot Studio Developers
CVE-2026-0898
9 CRITICAL
What is CVE-2026-0898?
An arbitrary file-write vulnerability exists in the Pega Browser Extension (PBE). It affects developers who use Pega Robot Studio to automate tasks in Google Chrome and Microsoft Edge, specifically those using versions 22.1 or R25 of the extension. The vulnerability can be exploited when a developer is enticed to visit a malicious website while in interrogation mode within Pega Robot Studio, leading to unauthorized file writing. This issue does not affect users of the Robot Runtime.
Affected Version(s)
Pega Robot Studio 22.1
Pega Robot Studio R25
References
CVSS V4
Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Ramon Dunker from Achmea, Security Assessment Team
